RE: Secure channel to ISA

• From: "Derbyshev Igor" <derbyshev@xxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 25 Feb 2004 17:33:31 +0300

Another question.
What is the purpose of SSL listener port for outbound requests?

IP routing is enabled, because I need outbound PPTP calls.
How can ISA break IpSec traffic? Can you give me any link to articles
describing the problem?

Thanks in advance...
 

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Wednesday, February 25, 2004 5:19 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Secure channel to ISA

http://www.ISAserver.org

Yes, you can, but you can't restrict it to SSL-only.
IPSec between LAT hosts is your best bet.

Be careful, though; if you have "Enabled IP Routing" selected in IP
Packet Filtering properties, your IPSec between ISA and the SecureNAT /
Firewall clients can break when ISA moves traffic using the Kernel Mode
Data Pump (keep her back, Tom!).

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Wed, 25 Feb 2004 17:01:06 +0300
 "Derbyshev Igor" <derbyshev@xxxxxxxx> wrote:
http://www.ISAserver.org

Thanks for reply.
No, I'm not web publishing. 
I know how to configure SSL bridging in Web Publishing Rule. I'd like to
know if I can implement the same functionality (SSL bridging) for client
in corporate network accessing external resources. I.e. from the other
side of firewall.

P.S. I want to secure HTTP traffic while it flows through corporate
network. Now I implement this solution using IpSec filters. I'm just
interested ;) if I can do the same thing only by configuration of ISA &
IE clients or not?


-----Original Message-----
From: Mike Malter [mailto:mike@xxxxxxxxxxxxxx]
Sent: Wednesday, February 25, 2004 4:54 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Secure channel to ISA

http://www.ISAserver.org

Igor,

If you are web publishing, go to the bridging tab of the properties of
the site you are publishing and under Redirect HTTP requests, click SSL.
Then you'll always have an SSL connection over your internal network
from ISA to your website.

Hope this helps.

Mike Malter
(415) 479-1968 Office
(415) 309-4637 Mobile
(415) 462-2941 FAX

-----Original Message-----
From: Derbyshev Igor [mailto:derbyshev@xxxxxxxx]
Sent: Wednesday, February 25, 2004 2:52 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Secure channel to ISA

http://www.ISAserver.org

Hello.
I have an ISA Server 2000 in integrated mode.
Can I configure ISA & clients so that channel between client and
WebProxy was always secure (SSL), regardless of whether the destination
site is secure (HTTPS) or not, i.e:

1. Client establishes an SSL session to WebProxy service.
2. The WebProxy service looks: if destination site is secure, it
establishes new secure channel, otherwise a normal unsecure HTTP
channel.

Or only implementing IpSec can help me in this scenario?
Thanks.

Sincerely yours,
  Igor Derbyshev
  Systems Administrator, MCSA (W2k)
  tel: +7 (0832) 644039
  e-mail: derbyshev@xxxxxxxx
 



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mike@xxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
derbyshev@xxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
derbyshev@xxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')

Other related posts:

• » Secure channel to ISA
• » RE: Secure channel to ISA
• » RE: Secure channel to ISA
• » RE: Secure channel to ISA
• » RE: Secure channel to ISA
• » RE: Secure channel to ISA
• » RE: Secure channel to ISA
• » RE: Secure channel to ISA
• » RE: Secure channel to ISA
• » RE: Secure channel to ISA

1. Home
2. isalist
3. Archive
4. 02-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---